Vulnerability in dependency http-server opener #22206

Open
1 of 4 tasks
m-wagner98 opened this issue Mar 7, 2024 · 0 comments
@m-wagner98

Current Behavior

The OWASP dependency check tool reports a known vulnerability in the @nx/web@18.0.7 package.
Vuln: CVE-2022-43604.
There is an issue on the http-server project side: http-party/http-server#860 which is still open.

Expected Behavior

The package should not have any known vulnerabilities, especially none with Base Score: CRITICAL (9.8).

GitHub Repo

No response

Steps to Reproduce

  1. Have an nx workspace where the following dependency is present in the package.json: "@nx/webpack": "18.0.7"
  2. Perform an OWASP dependency check vulnerability scan.
  3. Inspect the report of the scan --> The project contains known vulnerabilities in sub dependencies. With the help of npm ls I could see where the vulnerable package came from:
    username@pc-name % npm ls opener
    @app/source@0.0.0
    └─┬ @nx/web@18.0.7
      └─┬ http-server@14.1.1
        └── opener@1.5.2

Nx Report

Node   : 21.6.2
OS     : darwin-arm64
npm    : 10.2.4

nx                 : 18.0.7
@nx/js             : 18.0.7
@nx/jest           : 18.0.7
@nx/linter         : 18.0.7
@nx/eslint         : 18.0.7
@nx/workspace      : 18.0.7
@nx/angular        : 18.0.7
@nx/cypress        : 18.0.7
@nx/devkit         : 18.0.7
@nx/eslint-plugin  : 18.0.7
@nx/nest           : 18.0.7
@nx/node           : 18.0.7
@nrwl/tao          : 18.0.7
@nx/web            : 18.0.7
@nx/webpack        : 18.0.7
typescript         : 5.3.3
---------------------------------------
Community plugins:
@ionic/angular : 7.7.3

Failure Logs

No response

Package Manager Version

No response

Operating System

  • macOS
  • Linux
  • Windows
  • Other (Please specify)

Additional Information

No response

@m-wagner98 m-wagner98 changed the title "Vulnerability in dependency hhtp-server opener" to "Vulnerability in dependency http-server opener" Mar 7, 2024
@FrozenPandaz FrozenPandaz added the scope: bundlers Issues related to webpack, rollup label Mar 15, 2024
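
The dependency tracing from step 3 of the report, as an added example that is not part of the original issue or of the Nx code base: it walks the JSON tree that `npm ls opener --all --json` prints and lists every chain that pulls the flagged package in. The function names `findChains` and `directParents` are hypothetical, and the sample tree is constructed to mirror the `npm ls` output quoted in the issue.

```javascript
// Added example: trace every dependency chain that leads to a flagged package,
// using the JSON shape printed by `npm ls <name> --all --json`.

// Constructed sample mirroring the tree quoted in the issue (not real tool output).
const sampleTree = {
  name: "@app/source",
  version: "0.0.0",
  dependencies: {
    "@nx/web": {
      version: "18.0.7",
      dependencies: {
        "http-server": {
          version: "14.1.1",
          dependencies: { opener: { version: "1.5.2" } },
        },
      },
    },
  },
};

// Depth-first walk; returns one array of "name@version" strings per chain,
// from the workspace root down to each occurrence of the target package.
function findChains(node, target, trail = [`${node.name}@${node.version}`]) {
  const chains = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const next = [...trail, `${name}@${dep.version}`];
    if (name === target) chains.push(next);
    // Keep descending: the same package can appear again deeper in the tree.
    chains.push(...findChains(dep, target, next));
  }
  return chains;
}

// The direct dependency at the head of each chain is the package whose
// upgrade (or an override beneath it) would change the flagged version.
function directParents(chains) {
  return [...new Set(chains.map((chain) => chain[1]))];
}

const chains = findChains(sampleTree, "opener");
for (const chain of chains) console.log(chain.join(" > "));
console.log("direct dependencies involved:", directParents(chains).join(", "));
```

To use it on a real workspace, replace `sampleTree` with the parsed output of `npm ls opener --all --json`.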